Ransomware Gang Lockbit Claims to Have Gained Access to Italian Revenue Agency 

Ransomware Gang Lockbit Claims to Have Gained Access to Italian Revenue Agency

The Italian Revenue Agency (Agenzia delle Entrate), which the ransomware gang Lockbit says was compromised, has been added to the list of victims listed on its dark web leak website. 

“The Revenue Agency, operational since 1 January 2001, was born from the reorganization of the Financial Administration following the Legislative Decree No. 300 of 1999.
It has its own statute and specific regulations governing administration and accounting.
The bodies of the Agency are made up of the Director, the Management Committee, the Board of Auditors.” as per the message posted on the leak website. “From 1 December 2012 the Revenue Agency incorporated the Territory Agency (article 23-quater of Legislative Decree 95/2012).” 

The gang claims to have stolen 78GB of data, which included contracts, financial reports, scans of corporate documents, and financial reports. It soon intends to share images of the files and samples. If the attack is real, it may rank among the worst occurrences seen by Italian government entities. The Italian Revenue Agency, also known as the Agenzia delle Entrate, is responsible for enforcing the country’s financial laws and collecting taxes. The organization offers both Italian and non-Italian taxpayers a number of online services. 

It is yet unknown if the ransomware group has already been in touch with the Italian authorities or how much money it wants in ransom. According to the Lockbit ransomware group, the Agency has five days to pay the ransomware to prevent the release of stolen data. The group is now one of the most active ransomware gangs and has been operating at least since 2019. The Lockbit ransomware organization published LockBit 3.0 at the end of June, which includes significant advancements including a bug bounty program, Zcash payment, and new extortion methods. 

Recent attacks have already exploited the ransomware’s updated version 3.0. The launch of the bug bounty program made news; it is the first time a ransomware gang has requested that cyber security professionals submit flaws to improve their software. The gang declared that it is paying prizes of up to $1 million. In order to further its operations, the ransomware gang will also reward “brilliant ideas.” 

Another innovation is that the gang now accepts Zcash payments in addition to Monero and Bitcoin to maintain their anonymity. Additionally, the LockBit 3.0 operation employs a novel extortion scheme that enables threat actors to purchase data that has been taken from the targets of the operations. This implies that a person may buy taxpayer data for use in a variety of financial frauds. 

An excerpt from the statement made public by Sogei, the government agency in charge of overseeing the Agenzia delle Entrate’s IT infrastructure, is: 

“From the technical investigations carried out, Sogei therefore excludes that a computer attack on the site of the Revenue Agency may have occurred.” 

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.